CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2330 – Gentoo Linux Security Advisory 201706-15
https://notcve.org/view.php?id=CVE-2015-2330
28 Dec 2015 — Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. Verificación tardía del certificado TLS en WebKitGTK+ anterior a la versión 2.6.6 permite a atacantes remotos ver una solicitud HTTP segura, incluyendo, por ejemplo, cookies seguras. Multiple vulnerabilities have been found in WebKitGTK+, the worst of which allows remote attackers to execute arbitrary code. Versions less than 2.16.3 are affected. • http://www.openwall.com/lists/oss-security/2015/03/17/11 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2010-4198 – WebKit: Memory corruption due to improper handling of large text area
https://notcve.org/view.php?id=CVE-2010-4198
05 Nov 2010 — WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document. Google Chrome antes de su versión v7.0.517.44 no maneja correctamente areas de texto demasiado grandes, lo que permite a atacantes remotos causar una denegación de servicio (por corrupción de memoria) o incluso posiblemente... • http://code.google.com/p/chromium/issues/detail?id=55257 • CWE-20: Improper Input Validation •